Insider Threat Warning as Scientists Steal Pharma Secrets

Insider Threat Warning as Scientists Steal Pharma Secrets

Security experts are warning corporates to redouble their efforts to guard against the insider threat after federal prosecutors indicted five people including two scientist at GlaxoSmithKline on charges of stealing trade secrets.

The two research scientists, Yu Xue and Lucy Xi, are said to have emailed and downloaded information on around a dozen products to co-conspirators who wanted to “market and sell” the trade secrets through a newly formed Chinese company they set up: Renopharma.

The list of charges in the indictment includes “conspiracy to steal trade secrets, conspiracy to commit wire fraud, conspiracy to commit money laundering, theft of trade secrets, and wire fraud.”

According to the DoJ, many of the products targeted were designed to treat cancer or other serious diseases.

It’s also alleged that to hide the proceeds of the crime, Yu Xue and others roped in her family members.

Yu Xue was apparently one of the top biochemists in her field in the world, but was fired earlier this month, while Xi left the British pharmaceutical giant in November 2015, according to reports.

Jens Puhle, UK managing director at access management firm 8MAN, argued that managers need to exercise vigilance round-the-clock – especially in industries which generate valuable IP like pharmaceuticals.

“The fact that one of those charged with the conspiracy is a senior researcher trusted with access to top secret research demonstrates that organizations cannot be too cautious when it comes to protecting their data,” he argued.

“We have seen examples in the financial sector where even senior executives require permission from the chairman before using a USB stick on the network, making data theft almost impossible.”

All sensitive data should be “locked down” with strict access controls and only made accessible on a need-to-know basis, he added.

“With even the most senior employees still posing a potential risk, companies need to have advanced measures in place that will alert them whenever key files are accessed,” concluded Puhle.

“By sounding the alarm the moment any suspicious behavior is detected, such as accessing files out of hours or offsite, they can catch thieves before it is too late.”

Current employees were the most cited source of compromise in PwC’s Global State of Information Security Survey 2016, accounting for 34% of incidents. Former employees came next with a 29% share.

Source: Information Security Magazine